PRIVACY Forum Digest Sunday, 15 August 1993 Volume 02 : Issue 28
Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Topanga, CA, U.S.A.
===== PRIVACY FORUM =====
The PRIVACY Forum digest is supported in part by the
ACM Committee on Computers and Public Policy.
CONTENTS
Re: Loss of conciousness & the DMV (Mel Beckman)
CPSR and the NII (Nikki Draper)
NSA Seeks Delay in Clipper (Dave Banisar)
"SKIPJACK Review Report" from Dorothy Denning
(Lauren Weinstein; PRIVACY Forum Moderator)
*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***
-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.
ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored. Excessive "signatures" on submissions are
subject to editing. Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com". Mailing list problems should be reported to
"list-maint@vortex.com". All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system. Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive. All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com/".
For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.
-----------------------------------------------------------------------------
VOLUME 02, ISSUE 28
Quote for the day:
"I know nothing. NOTH-ING!"
-- Sergeant Hans Schultz (John Banner)
"Hogan's Heroes" (1965-1971)
----------------------------------------------------------------------
Date: Mon, 2 Aug 93 07:38:12 PST
From: mbeckman@mbeckman.mbeckman.com (Mel Beckman)
Reply-To: mbeckman@mbeckman.com
Subject: Re: loss of conciousness & the DMV
In Regards to your letter <m0oMi6n-0001v3C@vortex.com>:
> It's lucky for the poor
> victim (who suffered from a brain tumor) that he didn't live in California,
> where doctors are required to report ANY loss of consciousness -- no matter
> what the cause -- to the DMV. After such a report has been made, it is
> nearly impossible to get a driver's license again -- EVER. It's the law.
As the moderator suspects, this statement is too broad. The requirement is
that any _unexplained_ or pathology-related loss of consciousness must be
reported. Obviously, if a patient loses consciousness as a result of some
trauma (e.g. a car accident), this need not be reported as a separate
incident. Similarly, loss of consciousness from anesthesia, heat
prostration, drug overdose, or other identifiable agent are not reportable.
Only when loss of consciousness is an unexplained phenomenon, or is due to
an intrinsic pathology (e.g. epilepsy) is it reportable.
-mel
______________________________________________________________________
| Mel beckman | Internet: mbeckman@mbeckman.com |
| Beckman Software Engineering | Compuserve: 75226,2257 |
| Ventura, CA 93003 | Voice/fax: 805/647-1641 805/647-3125 |
|____________________________|_____________________________________|
[ I was also pointed at an article in the "San Jose Mercury
News" from April 27, 1991 which reported horror stories of
people who, after a single fainting incident (apparently
prescription drug dosage induced) had their licenses and
auto insurance pulled, and had been unable to get them
back even after their health was declared perfectly OK. At
the time (at least) a lack of clearly defined standards
and a rush of doctors filing names after a heavily
publicized case (and a law protecting them from any actions
on the part of drivers who had their licenses pulled)
apparently were involved. I don't know if the situation
has improved in these regards during the 2+ years since
that article was written. -- MODERATOR ]
------------------------------
Date: Tue, 10 Aug 1993 09:43:40 PDT
From: Nikki Draper <draper@CSLI.Stanford.EDU>
Subject: CPSR and the NII
COMPUTER PROFESSIONALS ADD SOCIAL CONSCIENCE TO NATIONAL NETWORK DEBATE
Palo Alto, Calif., August 6, 1993 -- At a recent meeting in
Washington D.C., board members from Computer Professionals for
Social Responsibility (CPSR) were challenged by top level
telecommunications policy experts to craft a public interest vision of
the National Information Infrastructure (NII). The experts at the
roundtable discussion included Mike Nelson from the President's
Office of Science and Technology, Vint Cerf from the Internet Society,
Jamie Love from the Taxpayer's Assets Project, Ken Kay from
Computer Systems Policy Project, and Laura Breeden from FARnet.
"We were excited to discover that CPSR is in a position to play a key
role in shaping NII policy," said CPSR Board President, Eric Roberts.
"The commercial sector is already in the thick of the debate, but
there has been little coordinated response from the noncommercial
constituencies. After talking about the issues and CPSR's role, the
Board committed to meeting this challenge."
So far, the debate about the NII has centered around fiber versus
ISDN, cable companies versus telephone companies, research versus
commercialization, and so on. These are real questions with
important implications. However, CPSR believes that a better
starting point is a set of guiding principles as the context for all these
more detailed questions about "architecture," technical standards,
and prime contractor. Before arguing over bits and bytes, it is crucial
to clarify the vision and values that underlie a major endeavor like
the NII.
As individuals in the computing profession, CPSR's membership
knows that new technologies bring enormous social change.
CPSR's goal is to help shape this change in an informed manner.
Key issues discussed in the paper will include:
o ensuring that the design remains both open and flexible so
that it can evolve with changing technology.
o ensuring that all citizens have affordable network access and
the training necessary to use these resources.
o ensuring that risks of network failure and the concomitant
social costs are carefully considered in the NII design.
o protecting privacy and First Amendment principles in
electronic communication.
o guaranteeing that the public sector, and particularly schools
and libraries, have access to public data at a reasonable cost.
o seeking ways in which the network can strengthen democratic
participation and community development at all levels.
o ensuring that the network continues to be a medium for
experimentation and non commercial sharing of resources,
where individual citizens are producers as well as consumers.
o extending the vision of an information infrastructure beyond
its current focus of a national network, to include a global
perspective.
The national membership of CPSR brings a unique perspective to the
overall conception of the NII. Throughout CPSR's history, the
organization has worked to encourage public discussion of decisions
involving the use of computers in systems critical to society and to
challenge the assumption that technology alone can solve political
and social problems. This past year, CPSR's staff, national and
chapter leadership have worked on privacy guidelines for the
National Research and Education Network (NREN), conducted a
successful conference on participatory design, created local
community networks, organized on-line discussion groups on
intellectual property, and much more.
To ensure that its position paper is broadly representative, CPSR will
work in concert with other public interest groups concerned about
the NII, such as the newly established coalition in Washington D.C.,
the Telecommunications Policy Roundtable. CPSR chapters are will
be conducting a broad based public campaign to reach out beyond
the technical experts and producers -- to people who will be affected
by the NII even if they never directly log on.
CPSR will begin distributing its completed paper to policy makers
on October 16th at its annual meeting in Seattle, Washington.
The meeting will bring together local, regional and national decision
makers to take a critical look at the NII.
Founded in 1981, CPSR is a national, non-profit, public interest
organization of computer scientists and other professionals concerned
with the impact of computer technology on society. With offices in
Palo Alto, California, and Washington D.C., CPSR works to dispel
popular myths about technological systems and to encourage the
use of computer technology to improve the quality of life.
For more information on CPSR's position paper , contact
Todd Newman, CPSR board member, at 415-390-1614 .
For more information about CPSR, contact Nikki Draper,
Communications Director, at 415-322-3778 or
draper @csli.stanford.edu.
------------------------------
Date: Thu, 12 Aug 1993 9:37:14 EST
From: Dave Banisar <banisar@washofc.cpsr.org>
Subject: NSA Seeks Delay in Clipper
The National Security Agency (NSA) has asked a federal court
for a one-year delay in a lawsuit challenging the secrecy of the
government's "Clipper Chip" encryption proposal. The suit was
filed by Computer Professionals for Social Responsibility (CPSR)
on May 28 and seeks the disclosure of all information concerning
the controversial plan.
In an affidavit submitted to the United States District Court
for the District of Columbia on August 9, NSA Director of Policy
Michael A. Smith states that
NSA's search for records responsive to [CPSR's] request
is under way, but is not yet complete. Because the
Clipper Chip program is a significant one involving the
participation of organizations in four of NSA's five
Directorates and the Director's staff, the volume of
responsive documents is likely to be quite large.
Moreover, because the Clipper Chip program is highly
complex and technical and is, in substantial part,
classified for national security purposes, the review
process cannot be accomplished quickly.
CPSR called for the disclosure of all relevant information
and full public debate on the proposal on April 16, the day it was
announced. While NSA has insisted from the outset that the
"Skipjack" encryption algorithm, which underlies the Clipper
proposal, must remain secret, the Smith affidavit contains the
first suggestion that the entire federal program is classified "in
substantial part." In the interest of obtaining timely judicial
review of the agency's broad classification claim, CPSR intends to
oppose NSA's request for delay in the court proceedings.
In another case involving government cryptography policy,
CPSR has challenged NSA's classification of information concerning
the development of the Digital Signature Standard (DSS). The
court is currently considering the issue and a decision is
expected soon.
CPSR is a national public-interest alliance of computer
industry professionals dedicated to examining the impact of
technology on society. CPSR has 21 chapters in the U.S. and
maintains offices in Palo Alto, California, and Washington, DC.
For additional information on CPSR, call (415) 322-3778 or
e-mail <cpsr@cpsr.org>.
David L. Sobel
CPSR Legal Counsel
<sobel@washofc.cpsr.org>
------------------------------
Date: Sun, 15 Aug 93 13:03 PDT
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: SKIPJACK Review Report from Dorothy Denning
Greetings. Dorothy Denning recently forwarded me the "SKIPJACK Review
Interim Report." This is the report from the group of outside experts who
were to study the security of the "Clipper Chip" algorithm, the details of
which remain classified. I've included the Executive Summary of the report
below. Note that this study was apparently concerned only with algorithmic
issues, not with the many other issues surrounding Clipper.
The complete text of the report (which is plain ASCII text) and
an attached appendix (in Latex source form) has been placed into the
PRIVACY Forum archives. To access:
Via Anon FTP: From site "ftp ftp.vortex.com": /privacy/skipjack.1.Z
or: /privacy/skipjack.1
Via e-mail: Send mail to "listserv@vortex.com" with the line:
get privacy skipjack.1
as the first text in the BODY of your message.
Via gopher: From the gopher server on site "gopher.vortex.com/"
in the "*** PRIVACY Forum ***" area under "skipjack.1".
--Lauren--
----------------------------------------
SKIPJACK Review
Interim Report
The SKIPJACK Algorithm
Ernest F. Brickell, Sandia National Laboratories
Dorothy E. Denning, Georgetown University
Stephen T. Kent, BBN Communications Corporation
David P. Maher, AT&T
Walter Tuchman, Amperif Corporation
July 28, 1993
(copyright 1993)
Executive Summary
The objective of the SKIPJACK review was to provide a mechanism whereby
persons outside the government could evaluate the strength of the
classified encryption algorithm used in the escrowed encryption devices
and publicly report their findings. Because SKIPJACK is but one
component of a large, complex system, and because the security of
communications encrypted with SKIPJACK depends on the security of the
system as a whole, the review was extended to encompass other
components of the system. The purpose of this Interim Report is to
report on our evaluation of the SKIPJACK algorithm. A later Final
Report will address the broader system issues.
The results of our evaluation of the SKIPJACK algorithm are as
follows:
1. Under an assumption that the cost of processing power is halved
every eighteen months, it will be 36 years before the cost of
breaking SKIPJACK by exhaustive search will be equal to the cost
of breaking DES today. Thus, there is no significant risk that
SKIPJACK will be broken by exhaustive search in the next 30-40
years.
2. There is no significant risk that SKIPJACK can be broken through a
shortcut method of attack.
3. While the internal structure of SKIPJACK must be classified in
order to protect law enforcement and national security objectives,
the strength of SKIPJACK against a cryptanalytic attack does not
depend on the secrecy of the algorithm.
------------------------------
End of PRIVACY Forum Digest 02.28
************************